Hello I am getting an error others haven’t seemed to have run into. I’m very new to AWS, and Serverless is my first go at using it.
In windows powershell:
aws cognito-idp admin-confirm-sign-up
–region us-east-2
–user-pool-id us-east-2**********
–username admin@example.commailto:admin@example.com \
I get the following error:
An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: Signature expired: 20171204T063700Z is now earlier than 20171204T193202Z (20171204T193702Z - 5 min.)
Advice would be greatly appreciated so I can keep chugging through this tutorial i have changed it all to be the correct region as well. I don’t really understand what my error means
From @johanseland on Wed Dec 13 2017 19:23:46 GMT+0000 (UTC)
I also got the InvalidSignatureExceptionError when trying to run admin-confirm-sign-up step. Strangely the sign-up step worked as expected, so there must be a difference in how these two commands escapes the secret key.
I am adding this here in case someone else runs into problems, as this issue pops up on top of the Google search.
The error:
An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: The request signature we calculated does not match the signature you provided. Check your AWS Secretr Access Key and signing method. Consult the service documentation for details.
This was caused by my secret key containing a plus ‘+’ sign.
This happened on a Windows 10 installation with the following awscli version.
From @karthickng on Fri Mar 09 2018 06:34:45 GMT+0000 (UTC)
I had the InvalidSignatureException issue, and it was resolved once I added a new access key for the admin user! I don’t know the reason why, but this worked for me.
I receive: An error occurred (ResourceNotFoundException) when calling the AdminConfirmSignUp operation: User pool us-east-1_mV4oIXtXy does not exist.
I’ve done the following:
Generated a new Access ID and Secret Key for my serverless system account (since mine had a ‘+’ in it and I’m on Windows)
Delete the user pool and start over
Confirm the user pool id is correct and in the same region as the command
Use the ARN instead of user pool id
Tried running the describe-user-pool command with the user pool id and having the same error
Confirmed my AWS configure was correct and that the serverless account has admin access
I will confirm the user manually through the console, but I want to know why this is happening. Any ideas? Thanks.
Update
I figured it out. My AWS credentials file was corrupt, if you can call it that. It had two credentials under the [default] name. I’m not sure how that happened. I discovered this problem by running aws configure again and seeing that my new keys weren’t being persisted. On Windows, I navigated to %USER_PROFILE%\.aws and edited the credentials file in a text editor as opposed to through the command window. Then, when I ran my command to confirm the user, it worked as expected.
From @codywr on Fri Mar 23 2018 02:22:08 GMT+0000 (UTC)
I started the tutorial a couple months ago and ran into some problems. I only just recently picked it back up trying to double check each step and noticed an error on this one.
Doing this on a Raspberry Pi (running Raspbian) and have noticed that some of the libraries are quite old. That said, here is my aws version:
but when I go to confirm the creation, I get an error:
pi@raspberrypi:~/sandbox $ aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id $my_client_id --username admin@example.com
An error occurred (NotAuthorizedException) when calling the AdminConfirmSignUp operation: User cannot be confirm. Current status is CONFIRMED
Checking the aws console shows successful creation and confirmation (I think):
Is this all expected behavior? I have double checked the region (a frequent problem it appears) and created a new IAM (Access key ID , Secret access key) pair (and re-running aws configure) to no avail.
I would like to echo what others have said about including expected output in this section of the tutorial and/or some common problems and how to resolve them.
From @codywr on Fri Mar 23 2018 23:20:32 GMT+0000 (UTC)
@jayair Can it only be confirmed once? I was expecting a confirmation each time I asked for one. From the look of the error (NotAuthorizedException), I was thinking this was some sort of permissions problem.
I see. The other thing to be check would be your the time on your local machine. Sometimes the hashes generated are off when the server vs local time is off by a lot.